finish restructure

Author: lmarschall

backend/dashboard/src/services/wembat.ts

@@ -28,7 +28,7 @@ export class WembatRequestService {
 
     public async applicationUpdate(data: any): Promise<boolean> {
         try {
-            await axios.post(`${this.tokenStore.apiUrl}/admin/application/update`, data, {
+            await axios.post(`${this.tokenStore.apiUrl}/api/application/update`, data, {
                 headers: {
                     Authorization: `Bearer ${this.tokenStore.token}`,
                 },
@@ -42,7 +42,7 @@ export class WembatRequestService {
 
     public async applicationList(): Promise<Application[]> {
         try {
-            let listRequest = await axios.get(`${this.tokenStore.apiUrl}/admin/application/list`, {
+            let listRequest = await axios.get(`${this.tokenStore.apiUrl}/api/application/list`, {
                 headers: {
                     Authorization: `Bearer ${this.tokenStore.token}`,
                 },
@@ -56,7 +56,7 @@ export class WembatRequestService {
 
     public async applicationCreate(data: any): Promise<boolean> {
         try {
-            await axios.post(`${this.tokenStore.apiUrl}/admin/application/create`, data, {
+            await axios.post(`${this.tokenStore.apiUrl}/api/application/create`, data, {
                 headers: {
                     Authorization: `Bearer ${this.tokenStore.token}`,
                 },
@@ -70,7 +70,7 @@ export class WembatRequestService {
 
     public async applicationDelete(data: any): Promise<boolean> {
         try {
-            await axios.post(`${this.tokenStore.apiUrl}/admin/application/delete`, data, {
+            await axios.post(`${this.tokenStore.apiUrl}/api/application/delete`, data, {
                 headers: {
                     Authorization: `Bearer ${this.tokenStore.token}`,
                 },
@@ -84,7 +84,7 @@ export class WembatRequestService {
 
     public async applicationToken(data: any): Promise<string> {
         try {
-            let tokenRequest = await axios.post(`${this.tokenStore.apiUrl}/admin/application/token`, data, {
+            let tokenRequest = await axios.post(`${this.tokenStore.apiUrl}/api/application/token`, data, {
                 headers: {
                     Authorization: `Bearer ${this.tokenStore.token}`,
                 },

backend/src/api/application/applicationCreate.ts

@@ -1,7 +1,7 @@
 import { Request, Response } from "express";
 import { Application, PrismaClient } from "@prisma/client";
 import { ApplicationInfo } from "../types";
-import { applicationKeys } from "../../application";
+import { domainWhitelist } from "../../app";
 
 const prisma = new PrismaClient();
 
@@ -24,7 +24,7 @@ export async function applicationCreate(req: Request, res: Response) {
 			}) as Application;
 
 		const appUrl = `https://${app.domain}`;
-		applicationKeys.push(appUrl);
+		domainWhitelist.push(appUrl);
 
         res.status(200).send();
 

backend/src/api/application/applicationDelete.ts

@@ -1,7 +1,7 @@
 import { Application, PrismaClient } from "@prisma/client";
 import { Request, Response } from "express";
 import { ApplicationInfo } from "../types";
-import { applicationKeys } from "../../application";
+import { domainWhitelist } from "../../app";
 
 const prisma = new PrismaClient();
 
@@ -23,10 +23,10 @@ export async function applicationDelete(req: Request, res: Response) {
 			}) as Application;
 
 		const appUrl = `https://${app.domain}`;
-		const index = applicationKeys.indexOf(appUrl);
+		const index = domainWhitelist.indexOf(appUrl);
 
 		if (index !== -1) {
-			applicationKeys.splice(index, 1);
+			domainWhitelist.splice(index, 1);
 		}
 
 		res.status(200).send();

backend/src/api/application/applicationUpdate.ts

@@ -1,7 +1,7 @@
 import { Application, PrismaClient } from "@prisma/client";
 import { Request, Response } from "express";
 import { ApplicationInfo } from "../types";
-import { applicationKeys } from "../../application";
+import { domainWhitelist } from "../../app";
 
 const prisma = new PrismaClient();
 
@@ -38,11 +38,11 @@ export async function applicationUpdate(req: Request, res: Response) {
 			}) as Application;
 
 		const appUrl = `https://${tempApp.domain}`;
-		const index = applicationKeys.indexOf(appUrl);
+		const index = domainWhitelist.indexOf(appUrl);
 
 		if (index !== -1) {
 			const newAppUrl = `https://${app.domain}`;
-			applicationKeys[index] = newAppUrl;
+			domainWhitelist[index] = newAppUrl;
 		}
 
 		res.status(200).send();

backend/src/api/index.ts

@@ -5,106 +5,103 @@ import { applicationCreate } from "./application/applicationCreate";
 import { applicationToken } from "./application/applicationToken";
 import { applicationUpdate } from "./application/applicationUpdate";
 import { applicationDelete } from "./application/applicationDelete";
-import { createAdminJWT } from "../crypto";
 import { requestRegister } from "./webauthn/requestRegister";
-import { validateAdminFunctions, validateAppFunctions, validateWebAuthnFunctions } from "./validate";
 import { register } from "./webauthn/register";
 import { refresh } from "./webauthn/refresh";
 import { onboard } from "./webauthn/onboard";
 import { requestOnboard } from "./webauthn/requestOnboard";
 import { updateCredentials } from "./webauthn/updateCredentials";
 import { requestLogin } from "./webauthn/requestLogin";
 import { login } from "./webauthn/login";
+import { validateWebAuthnToken } from "./validate/validateWebAuthn";
+import { validateApplicationToken } from "./validate/validateApplication";
+import { validateAdminToken } from "./validate/validateAdmin";
+import { serverExportPublicKey } from "./server/serverExportPublicKey";
 
 export const apiRouter = Router();
 
 const dashboardUrl = process.env.DASHBOARD_URL || "http://localhost:9090";
 
 apiRouter.get(
 	"/application/list",
-	validateAdminFunctions,
+	[validateAdminToken],
 	async (req: Request, res: Response) => applicationList(req, res)
 );
 
 apiRouter.post(
 	"/application/token",
-	validateAdminFunctions,
+	[validateAdminToken],
 	async (req: Request, res: Response) => applicationToken(req, res)
 );
 
 apiRouter.post(
 	"/application/create",
-	validateAdminFunctions,
+	[validateAdminToken],
 	async (req: Request, res: Response) => applicationCreate(req, res)
 );
 
 apiRouter.post(
 	"/application/update",
-	validateAdminFunctions,
+	[validateAdminToken],
 	async (req: Request, res: Response) => applicationUpdate(req, res)
 );
 
 apiRouter.post(
 	"/application/delete",
-	validateAdminFunctions,
+	[validateAdminToken],
 	async (req: Request, res: Response) => applicationDelete(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/request-register",
-	validateAppFunctions,
+	[validateApplicationToken],
 	async (req: Request, res: Response) => requestRegister(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/register",
-	validateAppFunctions,
+	[validateApplicationToken],
 	async (req: Request, res: Response) => register(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/request-login",
-	validateAppFunctions,
+	[validateApplicationToken],
 	async (req: Request, res: Response) => requestLogin(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/login",
-	validateAppFunctions,
+	[validateApplicationToken],
 	async (req: Request, res: Response) => login(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/update-credentials",
-	validateWebAuthnFunctions,
+	[validateWebAuthnToken],
 	async (req: Request, res: Response) => updateCredentials(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/request-onboard",
-	validateWebAuthnFunctions,
+	[validateWebAuthnToken],
 	async (req: Request, res: Response) => requestOnboard(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/onboard",
-	validateWebAuthnFunctions,
+	[validateWebAuthnToken],
 	async (req: Request, res: Response) => onboard(req, res)
 );
 
 apiRouter.post(
 	"/webauthn/refresh-token",
-	validateAppFunctions,
+	[validateApplicationToken],
 	async (req: Request, res: Response) => refresh(req, res)
 )
 
-export async function initAdmin(): Promise<boolean> {
-	try {
-		const token = await createAdminJWT();
-		console.log(`Dashboard Url: ${dashboardUrl}/${token}`);
-		return true;
-	} catch (err) {
-		console.error(err);
-		return false;
-	}
-}
+apiRouter.get(
+    "/server/publicKey",
+    [validateApplicationToken],
+    async (req: Request, res: Response) => serverExportPublicKey(req, res)
+);

backend/src/api/server/index.ts

@@ -1,5 +1,5 @@
 import { Request, Response } from "express";
-import { exportPublicKey } from "../../../crypto";
+import { exportPublicKey } from "../../crypto";
 
 export async function serverExportPublicKey(req: Request, res: Response) {
     try {

backend/src/api/server/functions/serverExportPublicKey.ts backend/src/api/server/serverExportPublicKey.ts

@@ -1,7 +1,6 @@
 import { Request, Response } from "express";
-import { checkForWebAuthnToken } from "../../../redis";
 import { decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { publicKeyJwk } from "../../../crypto";
+import { publicKeyJwk } from "../../crypto";
 
 const serverUrl = process.env.SERVER_URL || "http://localhost:8080";
 

backend/src/api/validate/index.ts

@@ -1,6 +1,6 @@
 import { Request, Response } from "express";
 import { decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { publicKeyJwk } from "../../../crypto";
+import { publicKeyJwk } from "../../crypto";
 
 const serverUrl = process.env.SERVER_URL || "http://localhost:8080";
 

backend/src/api/validate/functions/validateAdmin.ts backend/src/api/validate/validateAdmin.ts

@@ -1,7 +1,6 @@
 import { Request, Response } from "express";
-import { checkForWebAuthnToken } from "../../../redis";
 import { decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { publicKeyJwk } from "../../../crypto";
+import { publicKeyJwk } from "../../crypto";
 
 const serverUrl = process.env.SERVER_URL || "http://localhost:8080";
 

backend/src/api/validate/functions/validateApplication.ts backend/src/api/validate/validateApplication.ts

@@ -3,15 +3,17 @@ import helmet from "helmet";
 import express from "express";
 import bodyParser from "body-parser";
 import compression from "compression";
-
 import { rateLimit} from "express-rate-limit";
+
+import { apiRouter } from "./api";
 import { initRedis } from "./redis";
-import { initCrypto } from "./crypto";
-import { applicationKeys, initApplications } from "./application";
-import { apiRouter, initAdmin } from "./api";
-import { initServer } from "./api/server";
+import { PrismaClient } from "@prisma/client";
+import { createAdminJWT, initCrypto } from "./crypto";
 
 const port = 8080;
+const dashboardUrl = process.env.DASHBOARD_URL || "http://localhost:9090";
+const prisma = new PrismaClient();
+export const domainWhitelist = new Array<string>();
 
 const limiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
@@ -20,11 +22,6 @@ const limiter = rateLimit({
 
 async function init() {
 
-  if (!await initServer()) {
-    console.error("Failed to initialize server");
-    return;
-  }
-
   if (!await initCrypto()) {
     console.error("Failed to initialize crypto");
     return;
@@ -40,7 +37,7 @@ async function init() {
     return;
   }
 
-  if (!await initApplications()) {
+  if (!await initWhitelist()) {
     console.error("Failed to initialize applications");
     return;
   }
@@ -52,7 +49,7 @@ async function init() {
 
     const origin = req.header("Origin");
     const method = req.method;
-    const isDomainAllowed = applicationKeys.indexOf(origin) !== -1;
+    const isDomainAllowed = domainWhitelist.indexOf(origin) !== -1;
 
     console.log(`Request from ${origin} with method ${method} is allowed: ${isDomainAllowed}`);
 
@@ -93,3 +90,31 @@ async function init() {
 }
 
 init();
+
+async function initAdmin(): Promise<boolean> {
+	try {
+		const token = await createAdminJWT();
+		console.log(`Dashboard Url: ${dashboardUrl}/${token}`);
+		return true;
+	} catch (err) {
+		console.error(err);
+		return false;
+	}
+}
+
+async function initWhitelist(): Promise<boolean> {
+	try {
+		
+		const apps = await prisma.application.findMany();
+
+		for (const app of apps) {
+			const appUrl = `https://${app.domain}`;
+			domainWhitelist.push(appUrl);
+		}
+		domainWhitelist.push(dashboardUrl);
+		return true;
+	} catch (err) {
+		console.error(err);
+		return false;
+	}
+}